updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr'
-
@pirsig
I have narrowed down the issue to pfblockerNG-devel. Uninstalling it removes the CPU load and pfctl process.
-
@pirsig Interesting, were you using DNSBL? We have not used that at our clients, but from what I read here it can take a lot of memory and CPU to process large block lists. We use pfBlocker-devel for geoIP aliases and block feeds.
-
I am using DNSBL as well as several aliases for selective routing purposes. However, it is not the DNSBL functionality, since when I go to Status -> Services and stop the 'pfb_filter' service, leaving the 'pfb_dnsbl' service running, the CPU usage drops immediately.
I should mention that I was previously running the pfSense 22.01 beta build with the same configuration (pfBlockerNG-devel + DNSBL, OpenVPN, torrents, snort, etc.) with no issue, so I think it has to do with the new stable version.
-
@pirsig Hm, I'm not seeing that on three routers with 22.01 or 2.6. I'd guess it's related to the regression discussed above.
-
@steveits said in updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr':
from what I read here it can take a lot of memory and CPU to process large block lists
There is a Wildcard Blocking (TLD) option on the Firewall > pfBlockerNG > DNSBL settings page that can really increase the load. Check the infoblock text for that option.
@pirsig said in updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr':
/sbin/pfctl -vvsr
I did a really quick check and don't see this command being called from anywhere except the hidden status page (after logging in, browse to <pfsense url>/status.php). Not sure what would be calling it or why it would be pinning the CPU...
Edit: it looks like the pfblocker widget uses a variation of that call - "pfctl -vv -sr"...?
John
-
@steveits said in updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr':
Is your comment based on the assumption of high logging volume? Just thinking about this thread on eMMC.
Yes. Most users that are doing that on an eMMC have stated they were unaware of the recommendation to use an SSD/HDD for that task (and since the 1100 lacks that ability) they had a configuration that destroyed their eMMC in weeks, or months.
-
@rcoleman-netgate Interesting. I surely was unaware of that recommendation. Weeks to months seems absurdly low and makes me wonder about defaulting to ZFS per that thread and one or two other threads I've seen.
I'll pursue in that thread.
-
@serbus said in updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr':
There is a Wildcard Blocking (TLD) option on the Firewall > pfBlockerNG > DNSBL settings page that can really increase the load. Check the infoblock text for that option.
I checked the DNSBL settings and wildcard blocking is unchecked.
@serbus said in updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr':
Edit: it looks like the pfblocker widget uses a variation of that call - "pfctl -vv -sr"...?
Thanks for the suggestion, I deleted the pfblocker widget from my home page, but the CPU is still pinned :/
However, I did check the hidden status page as you suggested and found a little more detail on the process; it seems to be called from the filterlog script?
0.0 4.4 62604 43828 - S 10:10 0:19.21 |-- /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
32.2 0.3 11904 3192 - R 11:39 0:03.80 | `-- /sbin/pfctl -vvsr
-
@steveits It comes from this published document:
https://www.netgate.com/supported-pfsense-plus-packages
The applications with the high logging or writes to the eMMC are noted as recommending an SSD or HDD.
There are, obviously, ways around that but they have their own caveats.
-
See here for a patch:
https://www.reddit.com/r/pfBlockerNG/comments/sk9txi/ip_block_logging_not_working_pfsense_260rc/hvv99s1/?utm_source=reddit&utm_medium=web2x&context=3
-
@bbcan177 said in updated to 22.01 - SG1100 high CPU usage '/sbin/pfctl -vvsr':
https://www.reddit.com/r/pfBlockerNG/comments/sk9txi/ip_block_logging_not_working_pfsense_260rc/hvv99s1/?utm_source=reddit&utm_medium=web2x&context=3
Installed the patch and it solved it! Thanks!
-